You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

47 lines
1.3 KiB

cgi-io: implement exec action Implement a new "cgi-exec" applet which allows to invoke remote commands and stream their stdandard output back to the client via HTTP. This is needed in cases where large amounts of data or binary encoded contents such as tar archives need to be transferred, which are unsuitable to be transported via ubus directly. The exec call is guarded by the same ACL semantics as rpcd's file plugin, means in order to be able to execute a command remotely, the ubus session identified by the given session ID must have read access to the "exec" function of the "cgi-io" scope and an explicit "exec" permission rule for the invoked command in the "file" scope. In order to initiate a transfer, a POST request in x-www-form-urlencoded format must be sent to the applet, with one field "sessionid" holding the login session and another field "command" specifiying the commandline to invoke. Further optional fields are "filename" which - if present - will cause the download applet to set a Content-Dispostition header and "mimetype" which allows to let the applet respond with a specific type instead of the default "application/octet-stream". Below is an example for the required ACL rules to grant exec access to both the "date" and "iptables" commands. The "date" rule specifies the base name of the executable and thus allows invocation with arbitrary parameters while the latter "iptables" rule merely allows one specific set of arguments which must appear exactly in the given order. ubus call session grant '{ "ubus_rpc_session": "...", "scope": "cgi-io", "objects": [ [ "exec", "read" ] ] }' ubus call session grant '{ "ubus_rpc_session": "...", "scope": "file", "objects": [ [ "/bin/date", "exec" ], [ "/usr/sbin/iptables -n -v -L", "exec" ] ] }' Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years ago
  1. #
  2. # Copyright (C) 2015 OpenWrt.org
  3. #
  4. # This is free software, licensed under the GNU General Public License v2.
  5. # See /LICENSE for more information.
  6. #
  7. include $(TOPDIR)/rules.mk
  8. PKG_NAME:=cgi-io
  9. PKG_RELEASE:=20
  10. PKG_SOURCE_PROTO:=git
  11. PKG_SOURCE_URL=$(PROJECT_GIT)/project/cgi-io.git
  12. PKG_SOURCE_DATE:=2021-09-08
  13. PKG_SOURCE_VERSION:=98cef9dda63623eff07bd574ad7c98ef282af18d
  14. PKG_MIRROR_HASH:=dfbec859e261ef6851f76474739c19baaadc1e5cd3ae2d2b9d56a7782ac79963
  15. CMAKE_INSTALL:=1
  16. PKG_LICENSE:=GPL-2.0-or-later
  17. PKG_MAINTAINER:=John Crispin <blogic@openwrt.org>
  18. include $(INCLUDE_DIR)/package.mk
  19. include $(INCLUDE_DIR)/cmake.mk
  20. define Package/cgi-io
  21. SECTION:=net
  22. CATEGORY:=Network
  23. SUBMENU:=Web Servers/Proxies
  24. DEPENDS:=+libubox +libubus
  25. TITLE:=CGI utility for handling up/downloading of files
  26. endef
  27. define Package/cgi-io/description
  28. This package contains an cgi utility that is useful for up/downloading files
  29. endef
  30. define Package/cgi-io/install
  31. $(INSTALL_DIR) $(1)/usr/libexec $(1)/www/cgi-bin/
  32. $(INSTALL_BIN) $(PKG_BUILD_DIR)/cgi-io $(1)/usr/libexec
  33. $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-upload
  34. $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-download
  35. $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-backup
  36. $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-exec
  37. endef
  38. $(eval $(call BuildPackage,cgi-io))